Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 31 replies
  • Subscribers 2 subscribers
  • Views 18291 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[6.303] Very unstable since update, 5 crashes in 24 hours

drees
Since updating to 6.303 (not the reloaded one) we have one firewall which has crashed 5 times in the past 24 hours since the update.

I don't have the exact error message (the fw is not next to me so I have to have the message relayed), but the screen will say something like "not synchronizing" and "fatal error".

The machine has 2 e1000 nics, 2 8129 nics and an e100 nic.

Anyone else seeing something like this? I've seen plenty of other problems with 6.303, but nothing quite like this. Out of 5 firewalls running 6.303 (not the reload) this is the only one with problems so far...

In the mean time we are going to try putting a switch between the external nic/router and if that doesn't work luckily we have spare hardware we can load a backup onto.


This thread was automatically locked due to age.
Parents
  • 0
    After closer analysis of the logs, it appears to be the PPTP crash problem mentioned in this thread https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/25758

    2006:09:15-09:41:48 (none) pptpd[24922]: CTRL: Received PPTP Control Message (type: 15)
    2006:09:15-09:41:48 (none) pptpd[24922]: CTRL: Got a SET LINK INFO packet with standard ACCMs
    2006:09:15-09:41:48 (none) pppd-pptp[24923]: rcvd [LCP TermReq id=0x8 "}\37777777744m\37777777666\000


    That's the last thing I see in the logs, then the thing gets hung.

    So how can I install the new 6.303 so I don't have to swap out hardware and reinstall from scratch?
  • 0 in reply to drees
    I reinstalled 6.303 and it looks OK now.

    But the kernel did oops when shutting down for the update, see the attachment.
  • 0 in reply to BrucekConvergent
    Log into the console, edit (via vi) the /etc/version file.. set it back to 6.302.  Re-run the System Up2Date prefetch via Webadmin, then install.
    Thank you. I have followed your advice (except that I used joe to edit the /etc/version script), and I was then able to retrieve and install the updated version of the 6.303 patch. Hopefully, our office firewall will now be stable again.

    Prior to repatching it, we have had a total of nine firewall crashes these last few days. Each time the Astaro console would display the message Kernel panic - not syncing: Fatal exception in interrupt.
  • 0 in reply to VelvetFog
    No problem.. we didn't see anyone with the crash issue on the customer units we updated, or our lab units.. but I did update the few that got the "older" 6.303 update in the same manner as I described for you.  By any chance did you start a ticket with Astaro?  I sure would be interested in what they had to say about your crashes.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    No, I haven't opened a support ticket on this issue. However, if installing the new 6.303 patch on top of the old one as we did today, doesn't solve this problem, I will talk to support.

    I also run ASG ver 6.3 on a much older and slower machine at home. That one received the updated 6.303 patch, and I have not had any problems with it afterwards.
  • 0 in reply to VelvetFog
    Yep, look at the picture I attached to post #3 in this thread, exactly the same as me.

    I have one machine that is running the old 6.303, which isn't crashing, but it's not doing any PPTP connections. It does seem to get "stuck" once a day or so and stop moving packets for a few minutes, we are still trying to schedule the 6.303 reload. Nothing in the logs.

    We've had problems with 2 machines getting stuck when booting up 6.303 and never come back online, one with the old 6.303 one with the new 6.303.
  • 0 in reply to drees
    Will someone open a ticket for this?  A few of my boxes with the recent 6.303 are starting to hang a lot.
  • 0 in reply to InlineFive
    Already did last week. The suggested fix is in this thread. No more hangs after applying the latest update.
  • 0 in reply to drees
    Follow up.

    The Astaro firewall machine in our office has now been running flawlessly for three days since we updated the 6.303 patch to the new version.
  • 0 in reply to VelvetFog
    Just curious.. those of you who had a "hang" issue before the "final" 6.303 update.. did you have PPTP Server enabled?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Yes. Was actively using PPTP connections. Have one running the original 6.303 which seems to be mostly stable but not using PPTP on it.
  • 0 in reply to drees
    I figured the PPTP thing was the issue.. that is a kernel change that they made to "fix" some connect issues... explains why none of my customer's units had an issue with the old 6.303 --- I don't use PPTP, only IPSEC.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to drees
    I figured the PPTP thing was the issue.. that is a kernel change that they made to "fix" some connect issues... explains why none of my customer's units had an issue with the old 6.303 --- I don't use PPTP, only IPSEC.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner